Use Online Mode
Keep online-mode=true in server.properties. This requires all players to have valid, paid Minecraft accounts. Disabling it opens your server to impersonation and security risks.
Enable Whitelist
For private servers, use /whitelist on and only add trusted players. This prevents random strangers from joining and griefing.
Install Anti-Grief Plugins
- CoreProtect — Logs every block change. Roll back any grief instantly.
- GriefPrevention — Lets players protect their land claims from modification.
Use Permission Groups
Install LuckPerms and give players the minimum permissions they need. Do not give op permissions to untrusted players — op bypasses most plugin restrictions.
Keep Plugins Updated
Outdated plugins can have security vulnerabilities. Check for plugin updates regularly and apply them promptly.
DDoS Protection
CraftNodes includes enterprise DDoS protection on all plans. Your server IP is protected against volumetric attacks without any configuration needed.
Back Up Regularly
The best security is a good backup. Even if the worst happens, a recent backup lets you recover quickly. Set up automated daily backups in your Pterodactyl panel.